Ogment

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Ogment connector, but it gives an agent broad access to sensitive SaaS apps and database tools without enough built-in limits or confirmation rules.

Review before installing. Only connect accounts you are comfortable letting an agent query, prefer narrow Ogment permissions, and require explicit approval before the agent sends messages, edits records, deletes data, runs database SQL, or uses any tool with side effects. Revoke Ogment access when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill is framed very broadly as a general gateway to 100+ SaaS integrations and does not define clear activation boundaries, allowed tasks, or user-confirmation requirements before accessing external systems. In an agent setting, this increases the chance of overbroad invocation and unintended access to sensitive connected services such as Gmail, Slack, Notion, or databases when a prompt only loosely relates to those domains.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instructions encourage authentication, discovery, and invocation across sensitive services but do not require privacy warnings, data-minimization steps, or confirmation before reading or modifying user data. This is more dangerous in context because the examples include Gmail, Slack, Notion, and especially Supabase SQL execution, which could expose private content or perform destructive actions if an agent invokes tools without strong consent and operation-level safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.
